Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/OvO4TUBV8KNiU-QuWLj3VEj6ZgU.roa
File:                     OvO4TUBV8KNiU-QuWLj3VEj6ZgU.roa (raw, json)
Hash identifier:          NQ3GDXt86+OexMaOdqTedd0GNWSlKZP98HEZDzMG+zY=
Subject key identifier:   3A:F3:B8:4D:40:55:F0:A3:62:53:E4:2E:58:B8:F7:54:48:FA:66:05
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       018CC6B780D2F011C34B1411F4C53F87C801
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/OvO4TUBV8KNiU-QuWLj3VEj6ZgU.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39771
IP address blocks:        153.112.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:80:d2:f0:11:c3:4b:14:11:f4:c5:3f:87:c8:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3af3b84d4055f0a36253e42e58b8f75448fa6605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b8:19:8a:83:86:9a:53:78:ad:ee:a5:ca:aa:
                    07:05:d1:95:b6:af:c7:57:a9:61:20:7b:69:75:94:
                    26:e6:a1:df:b1:2a:76:97:33:72:47:2c:20:82:4f:
                    d0:2c:64:69:47:5b:4a:f8:cb:cd:59:87:9d:a6:42:
                    07:b4:2a:e2:7b:61:a6:53:35:f1:36:65:68:16:29:
                    c5:0b:11:5c:d0:fa:58:b0:2f:5b:0e:f5:69:51:b2:
                    9c:16:73:93:8b:7e:27:ec:99:b8:5e:4f:92:6c:ba:
                    d3:af:7f:28:4f:d9:9c:41:af:8a:49:78:05:09:e1:
                    43:05:e6:c2:18:c2:b9:9b:7a:ac:25:97:60:c2:6b:
                    9e:03:07:48:aa:c7:46:df:89:1e:90:02:8d:ec:29:
                    7b:8a:a2:84:e6:2d:c1:76:4f:a6:92:05:89:b1:84:
                    ff:c1:c1:8b:63:26:d1:c5:e3:dc:c5:98:d3:d4:c0:
                    e5:fd:e7:47:72:e8:32:4b:ee:04:c4:59:70:14:12:
                    d4:bf:f7:84:2f:0e:c2:54:b7:b5:f1:91:98:e2:67:
                    83:9d:38:fe:4b:64:6c:3e:50:ef:20:be:30:e8:6d:
                    68:90:df:fd:b0:45:c6:eb:3a:dd:d1:11:88:99:49:
                    27:4c:76:71:6f:89:6b:62:7e:ed:00:57:a8:59:ed:
                    5c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F3:B8:4D:40:55:F0:A3:62:53:E4:2E:58:B8:F7:54:48:FA:66:05
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/OvO4TUBV8KNiU-QuWLj3VEj6ZgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:76:d4:87:9f:b9:ac:ed:8d:96:9e:80:34:5c:62:9d:83:cd:
         13:8d:57:c0:df:65:0a:a2:41:7c:ab:4b:df:79:24:c1:38:c7:
         ba:cb:8d:6b:d3:37:7d:3f:b1:f3:5a:bd:7c:b9:90:ce:8f:2d:
         b8:9c:7f:86:df:b2:f0:da:30:8e:27:87:fd:e9:70:2c:10:88:
         7a:dc:57:b2:39:3a:e6:4c:69:28:9c:9b:68:13:36:b5:ed:2f:
         a5:21:6c:de:13:98:8c:49:63:88:46:11:59:db:76:25:61:00:
         8c:00:8b:a8:45:b2:db:24:c0:06:3a:3d:a3:eb:d6:00:1b:89:
         4d:e1:d6:ab:91:d2:b7:c5:de:f3:09:86:0f:cc:13:68:52:93:
         16:f8:20:34:bd:53:ae:b5:42:4d:58:d1:fd:d6:c9:20:f5:e2:
         12:82:24:71:9c:5e:ee:f2:57:00:33:ad:e2:1b:ac:e8:ac:21:
         41:19:38:14:5c:19:23:99:95:9e:3d:e5:67:24:77:5c:a8:b0:
         db:cd:c5:7b:e5:60:57:31:3e:df:fe:65:07:39:40:5c:95:27:
         ab:22:63:47:8e:f1:f5:be:64:ec:fc:b4:9f:ee:c7:ae:28:59:
         a0:bd:ff:21:d3:bc:76:f2:9d:1f:ea:d9:d0:96:5f:72:24:d5:
         e2:ee:16:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4DS8BHDSxQR9MU/h8gBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWYzYjg0ZDQwNTVmMGEzNjI1M2U0MmU1OGI4Zjc1NDQ4ZmE2NjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbgZioOGmlN4re6lyqoHBdGVtq/H
V6lhIHtpdZQm5qHfsSp2lzNyRywggk/QLGRpR1tK+MvNWYedpkIHtCrie2GmUzXx
NmVoFinFCxFc0PpYsC9bDvVpUbKcFnOTi34n7Jm4Xk+SbLrTr38oT9mcQa+KSXgF
CeFDBebCGMK5m3qsJZdgwmueAwdIqsdG34kekAKN7Cl7iqKE5i3Bdk+mkgWJsYT/
wcGLYybRxePcxZjT1MDl/edHcugyS+4ExFlwFBLUv/eELw7CVLe18ZGY4meDnTj+
S2RsPlDvIL4w6G1okN/9sEXG6zrd0RGImUknTHZxb4lrYn7tAFeoWe1c9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrzuE1AVfCjYlPkLli491RI+mYFMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvT3ZPNFRVQlY4S05pVS1RdVdMajNWRWo2WmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDmXDoMA0G
CSqGSIb3DQEBCwUAA4IBAQApdtSHn7ms7Y2WnoA0XGKdg80TjVfA32UKokF8q0vf
eSTBOMe6y41r0zd9P7HzWr18uZDOjy24nH+G37Lw2jCOJ4f96XAsEIh63FeyOTrm
TGkonJtoEza17S+lIWzeE5iMSWOIRhFZ23YlYQCMAIuoRbLbJMAGOj2j69YAG4lN
4darkdK3xd7zCYYPzBNoUpMW+CA0vVOutUJNWNH91skg9eISgiRxnF7u8lcAM63i
G6zorCFBGTgUXBkjmZWePeVnJHdcqLDbzcV75WBXMT7f/mUHOUBclSerImNHjvH1
vmTs/LSf7seuKFmgvf8h07x28p0f6tnQll9yJNXi7hYg
-----END CERTIFICATE-----